CA Technologies Support is alerting customers to a potential risk with CA Service Desk Manager. A vulnerability exists that can allow a remote attacker to conduct cross-site scripting attacks. CA Technologies published patches to address the vulnerability. The vulnerability occurs due to insufficient verification of URL query string parameters. An attacker, who can have an unsuspecting user follow a carefully constructed URL, may perform various cross-site scripting attacks.
d63a76083ac68c48ee8a7b1f88abdecf4446e7f484d0f8db4a371147e75caf8c
Mandriva Linux Security Advisory 2013-201 - A flaw was found in Ruby's SSL client's hostname identity check when handling certificates that contain hostnames with NULL bytes. An attacker could potentially exploit this flaw to conduct man-in-the-middle attacks to spoof SSL servers. Note that to exploit this issue, an attacker would need to obtain a carefully-crafted certificate signed by an authority that the client trusts. The updated packages have been patched to correct this issue.
0349cb2a5969f7ce15be8221655c9c0d29087e930e70abd1986377041596b59f
Mandriva Linux Security Advisory 2013-200 - The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameError#to_s method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for CVE-2011-1005. lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion attack. A flaw was found in Ruby's SSL client's hostname identity check when handling certificates that contain hostnames with NULL bytes. An attacker could potentially exploit this flaw to conduct man-in-the-middle attacks to spoof SSL servers. Note that to exploit this issue, an attacker would need to obtain a carefully-crafted certificate signed by an authority that the client trusts. The updated packages have been patched to correct these issues.
736656b494186a6b0fd429a99fa38e28936ba86fe90a953f36f4d67cff987694
Apache OpenOffice suffers from a vulnerability that is caused by operating on invalid PLCF (Plex of Character Positions in File) data when parsing a malformed DOC document file. Specially crafted documents can be used for denial-of-service attacks. Further exploits are possible but have not been verified. Versions affected include Apache OpenOffice 3.4.0 to 3.4.1 on all platforms.
b07c9e7c2f54011267e57cd0ce5a5198611a832d36e144dd8d1921b7f7ca3078
Xymon versions prior to 4.3.12 with the xymond_rrd module enabled suffer from a file deletion vulnerability.
05961b9deef0e4629fab271ff5bc660e184d958c0772a463c88ba29fff50ab45
Joomla Googlemaps plugin version 3.2 suffers from cross site scripting and denial of service vulnerabilities.
d2ba9c614111d4d02b0e070dcc14bca5220f56187e1021e317c465c625078204
Debian Linux Security Advisory 2727-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service.
d4f5c2f1b04861b6443eec45834b6e3d0c817455527f364f468feff87986028c
Debian Linux Security Advisory 2726-1 - A buffer overflow has been discovered in the Radius extension for PHP. The function handling Vendor Specific Attributes assumed that the attributes given would always be of valid length. An attacker could use this assumption to trigger a buffer overflow.
72f234e7c07428d2e63e1a252b99f6eb0b9282b4ae5ce2396ffd5d580e411c58
Mandriva Linux Security Advisory 2013-199 - Due to incorrect data validation Squid is vulnerable to a buffer overflow attack when processing specially crafted HTTP requests. This problem allows any trusted client or client script who can generate HTTP requests to trigger a buffer overflow in Squid, resulting in a termination of the Squid service. The updated packages have been patched to correct this issue.
4815216226b61310dce0c6530a147917f7ebac473d8ffe02ed70a0815d63d93f
Ubuntu Security Notice 1909-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.70 in Ubuntu 10.04 LTS. Ubuntu 12.04 LTS, Ubuntu 12.10 and Ubuntu 13.04 have been updated to MySQL 5.5.32. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.
872c16b08d04ddfc191144c894d91138478e931567d53ba3589f43b24ed515f7
Alienvault OSSIM versions prior to 4.3.0 suffer from multiple reflective cross site scripting vulnerabilities.
b97b24ad187260fb2d369e36bc782d9527bb13c5629ef33949027b13a42c4a22
HP Security Bulletin HPSBGN02905 - Potential security vulnerabilities have been identified with HP LoadRunner. The vulnerabilities could be remotely exploited to allow execution of code or result in a Denial of Service (DoS). Revision 1 of this advisory.
43da885fdebda26382764369711cbf24e26c0adae71be911ebfc154158b77f6f
HP Security Bulletin HPSBGN02906 - A potential security vulnerability has been identified with HP Application Lifecycle Management Quality Center (ALM). The vulnerability could be remotely exploited resulting in Cross Site Scripting (XSS). Revision 1 of this advisory.
3bb4602f64a408d4b34c04935b5443f73fb49fdc31020d8fcb2287535b6237ee
HP Security Bulletin HPSBMU02894 - Potential security vulnerabilities have been identified with HP Network Node Manager I (NNMi) on HP-UX, Linux, Solaris, and Windows. These vulnerabilities could be remotely exploited resulting in a Denial of Service (DoS) or unauthorized access or execution of arbitrary code. Revision 1 of this advisory.
eacd5c85848fe70e3b06674a93d19b20ce220a3b1047e565ac14544a22f6e877
Bash script that permits spoofing of LAN connections and deceiving firewalls, proxies, and IDS/NIDS traffic logging.
15c6799ab16cd99792a8c63e30913b42b5ff3d802a554e339bb9f51cb44423a9
This Metasploit module quickly fires up a web server that serves the payload in PowerShell. The provided command will start PowerShell and then download and execute the payload. The IEX command can also be extracted to execute directly from PowerShell. The main purpose of this module is to quickly establish a session on a target machine when the attacker has to manually type in the command himself, e.g. RDP Session, Local Access or maybe Remote Command Exec. This attack vector does not write to disk, so it is unlikely to trigger AV solutions and allows attempting local privilege escalations supplied by meterpreter etc. You could also try your luck with social engineering. Ensure the payload architecture matches the target computer or use SYSWOW64 powershell.exe to execute x86 payloads on x64 machines.
3df7ddc32fd686c31c096c385be3456948866192543e5796efa9d470ac552386
The Struts 2 DefaultActionMapper supports a method for short-circuit navigation state changes by prefixing parameters with "action:" or "redirect:", followed by a desired navigational target expression. This mechanism was intended to help with attaching navigational information to buttons within forms. In Struts 2 before 2.3.15.1 the information following "action:", "redirect:" or "redirectAction:" is not properly sanitized. Since this information is evaluated as an OGNL expression against the value stack, it becomes possible to inject server-side code. This Metasploit module has been tested successfully on Struts 2.3.15 over Tomcat 7, with Windows 2003 SP2 and Ubuntu 10.04 operating systems.
c240d5878f508b714bf5ceed219b636cd035393594292bf01d990b95dae4b372
Cisco Security Advisory - The Cisco Video Surveillance Manager (VSM) allows operations managers and system integrators to build customized video surveillance networks to meet their needs. Multiple security vulnerabilities exist in versions of Cisco VSM prior to 7.0.0, which may allow an attacker to gain full administrative privileges on the system.
8667d0b02c37ab85ed00ba5415096d156c627c81a71f23f4f17c7bbd0f63005b
Windu CMS version 2.2 suffers from a cross site request forgery vulnerability.
56a019a032958f9c270c1d504c29c57aa2108f118b9fc5f71f438a5c0d1abdf6
arp-scan sends ARP (Address Resolution Protocol) queries to the specified targets, and displays any responses that are received. It allows any part of the outgoing ARP packets to be changed, allowing the behavior of targets to non-standard ARP packets to be examined. The IP address and hardware address of received packets are displayed, together with the vendor details. These details are obtained from the IEEE OUI and IAB listings, plus a few manual entries. It includes arp-fingerprint, which allows a system to be fingerprinted based on how it responds to non-standard ARP packets.
ce908ac71c48e85dddf6dd4fe5151d13c7528b1f49717a98b2a2535bd797d892
The Broadkam PJ871 DSL router does not authenticate password change requests. Broadkam is a knock-off Chinese vendor.
ee602bcc310237488f32e7419735e88a1ba71b6992ab9384e9e57fff4b69c756
WordPress Duplicator plugin version 0.4.4 suffers from a cross site scripting vulnerability.
c11bcdd0311e215255171e238d9b2a4a5c5cbb4a495aa33f118f1d414bc6792b
Windu CMS version 2.2 suffers from multiple persistent cross site scripting vulnerabilities.
983c1316e05ee3e68fccee8c5baa23d337d5c12ebe07bd048da47708da19351a
AutoCAD DWG-AC1021 suffers from an arbitrary pointer dereference vulnerability that can be exploited to compromise a system.
219a7db1a561eff423e65169d002771554f84e51f9e61f3996c00b73c866de51
Mandriva Linux Security Advisory 2013-198 - A denial of service flaw was found in the way libxml2, a library providing support to read, modify and write XML and HTML files, performed string substitutions when replacement of entity values for external entity references was requested or enabled during XML file parsing. A remote attacker could provide a specially-crafted XML file containing an external entity expansion that, when processed, would lead to excessive CPU consumption (denial of service). This is a different flaw from CVE-2013-0338. parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state. The updated packages have been patched to correct these issues.
0adde045bd99e01ceb9cddd85290c183f51ea250b87fc07a959a2b1d427e791d